-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(IAC-732) - implement `Run only when user is logged on #150
Conversation
scheduled_task is a typeBreaking changes to this file MAY impact these 10 modules (near match):This module is declared in 0 of 575 indexed public
|
Codecov Report
@@ Coverage Diff @@
## master #150 +/- ##
==========================================
- Coverage 95.31% 94.97% -0.35%
==========================================
Files 6 6
Lines 833 835 +2
==========================================
- Hits 794 793 -1
- Misses 39 42 +3
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a minor comment, otherwise LGTM
REFERENCE.md
Outdated
@@ -66,6 +66,10 @@ Please also note that Puppet must be running as a privileged user | |||
in order to manage `scheduled_task` resources. Running as an | |||
unprivileged user will result in 'access denied' errors. | |||
|
|||
If a user is specified without an accompanying password the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If a user is specified without an accompanying password the | |
If a user is specified without an accompanying password, the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
Since the enhancement intended to help sysadmins, pulled in as puppetlabs#150: When not setting a password, this is interpreted as "Run only when user is logged on". When configuring a scheduled task to use a Group Managed Service Account (gMSA) principal, there is no password to provide. The scheduler will get the password automatically when properly configured, and should be able to run the task even though the service account is not "logged on". Otherwise, the Managed Service Account is never "logged on" so the task does not run on expected schedule. It does not seem viable to add a proper test case for this particular situation without an AD domain configuration and a proper gMSA in place. Without a correct gMSA, an error message stating "No mapping between account names and security IDs was done" appears to be returned.
No description provided.